The United States Cybersecurity & Infrastructure Security Agency has issued a joint advisory warning that hackers with links to Iran and its government are turning their attention to critical infrastructure targets.
The advisory – issued alongside the Federal Bureau of Investigation, National Security Agency, Environmental Protection Agency, Department of Energy, and United States Cyber Command - Cyber National Mission Force – said the threat actors were paying particular attention to programmable logic controllers, a vital component.
“The advisory warns U.S. organisations of ongoing cyber exploitation targeting internet-connected operational technology devices, including Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs), across multiple critical infrastructure sectors, including Government Services and Facilities (to include local municipalities), Water and Wastewater Systems, and Energy,” CISA and its partners said.
The possible effects of such activity include manipulation of data that can lead to disruption and financial loss, as well as “malicious interactions with the project file and manipulation of data on the human-machine interface”.
“The authoring agencies recommend organisations review the tactics, techniques, and procedures and indicators of compromise in this advisory for indications of current or historical activity on their networks and apply the recommendations in this advisory to reduce the risk of compromise.”
Key actions advised by CISA include removing PLCs from direct internet exposure, investigating logs for Indicators of Compromise, and investigating any suspicious traffic on ports typically associated with OT devices.
Infrastructure defenders should also place the physical key switch on any controllers into the run position.
Joe Saunders, CEO of cyber security firm RunSafe Security, told Cyber Daily that attacks such as these are new key components of modern warfare – particularly for countries in situations such as Iran’s.
“Not only does Iran have the means, it has the motivation to undermine the US Government and disrupt a well-functioning society,” Saunders said.
“Cyber attacks are one way to break down physical barriers and can be executed at a time and place of a nation-state’s choosing to achieve counter-effects. We should all be prepared for cyberattacks, with an eye toward resilience and recovery.”
You can read the full advisory here.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.